[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: cryptsetup problem

On Sun, 08 Jun 2014, Andrew McGlashan wrote:
> On 8/06/2014 9:48 AM, Henrique de Moraes Holschuh wrote:
> > Anyway, make sure you monkey around a lot with the keyboard and mouse before
> > you let the Debian installer generate any encrypted filesystems on a system
> > without a kernel-supported TRNG/HRNG/DRNG.  Or get a large file of random
> > numbers over the network and cat it into /dev/random (i.e. write to it as
> > root) using the Installer's console, before you tell it to generate any
> > crypto keys/encripted filesystems.
> What if the installer would just pull in some live video stream(s) such
> as YouTube, IPTV or even just live radio stations all via the Internet,
> would that help?  Even if it doesn't present the video and/or audio to
> the installer.

For this to be safe, you need it to be entirely under control of the user,
or to come from a trusted (and, if external, authenticated) source.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: